KubeHound icon indicating copy to clipboard operation
KubeHound copied to clipboard
verified publisher icon DataDog

Feature DSL: mainCriticalPaths() which provide a minimal set of attack path

Open theoberthier opened this issue 11 months ago • 2 comments

Hello ! i would propose a feature of DSL language. I've seen when i make request with criticalPaths(), we have a set of critical paths, and the parameter (int maxHops) is used to define the depth.

When i launch criticalPaths by hands like :

kh.endpoints()
    .outE()
    .inV()
    .has("image","exemple")
    .repeat(
        outE()
        .inV()
        .simplePath()
    )
    .until(
        has("class","PermissionSet")
        .has("critical",true)
    )
    .dedup()  # dedup delete all redundant path
    .path()
    .by(elementMap())

What do you think it's intresting feature to propose mainCriticalPaths() ?This feature provide a minimal overview of what attackers can generally do with a specific resource.

theoberthier avatar Feb 05 '25 15:02 theoberthier

Hi @theoberthier,

I will look at this and provide you with feedback in the week.

Thank you.

Zenithar avatar Feb 11 '25 16:02 Zenithar

Hi @theoberthier,

We didn't have time to discuss this internally this week, I will try to provide you with feedback next week.

Thank you.

Zenithar avatar Feb 14 '25 06:02 Zenithar